AN ERROR IN A COMPUTER VERIFIED PROOF OF INCOMPLETENESS BYRUSSELL O’CONNOR

James R Meyerhttp://www.jamesrmeyer.com

v2: 03 June 2016

Abstract

This paper examines a proof of incompleteness by Russell O’Connor, who claims thathis proof has been verified by computer. This paper demonstrates that the proof has afundamental error of logic which renders the proof invalid.

Version History:

Version 2: This version deals with anomalies arising from O’Connor’s usage of the nota-tion ⌜ ⌝ in his descriptive text, which is rather confused. This does not affect the thrust of theargument presented. An addendum has been added which explains how such a flaw can occurin a proof which is claimed to have been completely checked by computer code. The previousversion can be accessed via http://www.jamesrmeyer.com/sitemap.html .

1 IntroductionThis paper demonstrates a fundamental error in a proof of incompleteness by Russell O’Connor,first published in 2005 [1]. This proof also can be found in a thesis by O’Connor [2]. This paperdoes not discuss the implications of the failure of the computer verification software to detect theerror in the proof; that will be published elsewhere.

2 O’Connor’s proofO’Connor’s incompleteness proof uses the Coq proof assistant [3], a system that has gained muchacceptance. O’Connor defines a formal system within Coq, which is a system similar to Peanoarithmetic. It consists of a set of symbols which constitute a language that O’Connor calls LNN,and a set of axioms which he calls the NN axioms. O’Connor’s description of his proof can befound online [1].

It should be noted that O’Connor claims that his formal proof is a proof of incompleteness for anyformal system satisfying certain criteria. This is factually incorrect. O’Connor’s formal proof isa proof of incompleteness only of one particular formal system, the above mentioned system withthe NN axioms; his formal proof does not extend the proof to apply to any other formal system.

1

For clarity, O’Connor’s computer code expressions will be printed here in monospace typewriterfont, for example:

notH (forallH 0 (forallH 1 (equal (var 0) (var 1))))represents the formula ¬∀x0.∀x1.x0 = x1.

We shall first summarize some of the notation and definitions that O’Connor uses before dealingwith the details of his proof:

⌜ ⌝ O’Connor’s use of this notation is rather confused. It only appears in his description ofthe computer proof, and not in the computer code, so it is intended to refer to functionsin the computer code.In one section he states that he will use ⌜n⌝ in the text to refer to the function natToTermin the computer code, which is a function that gives the formal system format of a givennatural number n, so that, for example, ⌜0⌝ = 0, ⌜1⌝ = S0, etc.a

In another section he defines that he will use ⌜φ⌝ in the text to represent the function⌜codeFormula φ

⌝, and similarly ⌜t⌝ is to represent the function ⌜codeTerm t⌝.b

However, it cannot be that ⌜codeFormula φ⌝ refers to a composite function where the

function natToTerm is applied to the value of codeFormula φ , since such usagedoes not occur in the actual computer code. The same applies to ⌜codeTerm t⌝ andcodeTerm t.It is evident that O’Connor’s intention is that where ⌜ ⌝ occurs in the text, it correspondsto the computer code for the Gödel numbering function; where ⌜φ⌝ occurs in the text, andφ is a formal system formula, then it corresponds to the computer code codeFormula φ ,which is the Gödel numbering function for a formula, and where ⌜t⌝ occurs in the text,and t is a term of the formal system, it corresponds to the computer code codeTerm t,which is the Gödel numbering function for a term.c

φ[xi/s] This represents the substitution of the variable xi in the formula φ bythe value s.d Asindicated above, where ⌜φ[xi/s]⌝ appears in the text , this is intended to represent the(Gödel) number of the formula tht results from such substitution.

In his proof, O’Connor states:

‘I proved that substitution is primitive recursive. Since substitution is defined in termsof Formula and Term, it itself cannot be primitive recursive. Instead I proved thatthe corresponding function operating on codes is primitive recursive. This function iscalled codeSubFormula and I proved it is correct in the following sense:

codeSubFormula(⌜φ⌝, i, ⌜s⌝) = ⌜φ[xi/s]⌝ ’

aSee O’Connor’s section 2.8 Languages and Theories of Number TheorybSee O’Connor’s section 3 CodingcFor convenience, the term ‘Gödel numbering’ is used here to refer to the encoding function that assigns a

unique number to each symbol string of the formal system, although O’Connor uses a different encoding system tothat which Gödel used.

dSee O’Connor’s section 2.4 Definition of substituteFormula

2

Assigning the computer code names for the functions on the left side of the above gives:codeSubFormula(codeFormula φ, i, codeTerm s) = ⌜φ[xi/s]⌝

O’Connor’s proof relies on the theorem that for every primitive recursive number-theoretic relationor function there is a corresponding representation of that relation or function in the formalsystem. A crucial step in O’Connor’s proof is the assertion that this applies for the function:codeSubFormula(codeFormula φ, i, codeTerm s).

Now, according to the definition of a primitive recursive number-theoretic functione, for anyexpression that is a primitive recursive number-theoretic function, all of its terms must also beprimitive recursive number-theoretic functions, or be a natural number, or be a variable with thedomain of natural numbers. For example, given that the function f (y)= ((y−7)−5)−3 is primitiverecursive then so also is the term y−7. The function f (y) = (y−7) is primitive recursive, and thefunction f (z) = (z−5)−3, derived by letting z = y−7, is also primitive recursive. Similarly, for theterm z−r, f (z)= z−r is primitive recursive as is the function f (x)= x−3, derived by letting x= z−5.

The error in O’Connor’s proof is readily apparent. The composite function that iscodeSubFormula(codeFormula φ, i, codeTerm s) cannot be a number-theoretic function, sincethe terms codeFormula φ and codeTerm s are not number-theoretic terms.

The domain of the variable φ is not the domain of natural numbers, and therefore the termcodeFormula φ does not satisfy the definition of a primitive recursive number-theoretic function.The term codeFormula φ has been substituted for a variable of the function codeSubFormula. Itfollows that either the domain of that variable is not restricted to termswhich are natural numbers ornumber-theoretic terms, in which case codeSubFormula cannot be a primitive recursive number-theoretic function, or else the substitution of the variable of the function codeSubFormula was anillegitimate operation. The same applies for the term codeTerm s , which has also been substitutedfor a variable of the function codeSubFormula.

Since the function codeSubFormula cannot be both a primitive recursive number-theoreticfunction and also have variables with a domain that includes the entities codeFormula φ andcodeTerm s , O’Connor’s proof is critically flawed.

O’Connor refers to extensionally equivalent functions. He states:

‘Rather than working directly with primitive recursive expressions, I worked with par-ticular Coq functions and proved they were extensionally equivalent to the evaluationof primitive recursive expressions.’

Of course, there can be a function called codeSubFormula(x, y, z) that is not a number-theoreticfunction, and where the variables x, y, and z may be substituted byx = codeFormula φ, y = i, and z = codeTerm s (for allowable values of φ and s), and that givesthe composite function:codeSubFormula(codeFormula φ, i, codeTerm s).

eAs a point of interest, a definition of primitive recursion is found in Gödel’s proof of incompleteness [4].

3

Unsurprisingly, for specific natural number values a, b and c, as given by a = codeFormula φ, b = i,and c = codeTerm s , there will be a number-theoretic function F(u,v,w) (where the domain of thevariables u, v, w are natural numbers or number-theoretic functions) so that the function F(a,b,c)gives the same natural number value as the composite functioncodeSubFormula(codeFormula φ, i, codeTerm s).

And one can apply the name codeSubFormula(x, y, z) to the function F(u,v,w). But that doesnot mean that the two functions which now have the same name are extensionally equivalent,nor does it mean that the two functions must both be primitive recursive number-theoretic func-tions. Two functions are extensionally equivalent if and only if they always give the same valuefor the same argument values. This obviously cannot be the case for the composite functioncodeSubFormula(codeFormula φ, i, codeTerm s)which is not a number-theoretic function, andF(u,v,w), which is a number-theoretic function. The fact is that the first and third arguments ofthese two functions do not have the same domains, and the function F(u,v,w) is undefined forterms outside the domain of its variables.

3 Response from O’Connor to the demonstration of the errorin his proof

O’Connor’s response to the demonstration of an error in his proof is as follows:

‘Essentially the author’s claim is that O’Connor proves thatcodeSubFormula(codeFormula φ, i, codeTerm s) is a primitive recursivefunction. Of course, O’Connor doesn’t claim this in O’Connor’s paper nor in hisformal proof. As the author rightly notes, this expression as a function of phi anddoesn’t even have the type of a number theoretic function. O’Connor does claim andformally prove that codeSubFormula is a primitive recursive function.The author is under the mistaken impression that one needs to prove thatcodeSubFormula(codeFormula φ, i, codeTerm s) is primitive recursive in orderto complete Gödel’s theorem. However, to prove Gödel’s incompleteness theorem, itsuffices to prove codeSubFormula is primitive recursive and to prove:Lemma codeSubFormulaCorrect :

forall (f : Formula) (v : nat) (s : Term),codeSubFormula (codeFormula f) v (codeTerm s) =

codeFormula (substituteFormula L f v s).’which is exactly what O’Connor formally proves, and is what Gödel intended.’

Here, O’Connor ignores elementary principles of mathematics. If the fundamental principlesof mathematics are being rigorously adhered to, then the free variable of a function cannot besubstituted by values that lie outside the domain of that variable. If O’Connor’s result depends onviolating the fundamental principles of mathematics, then it cannot be described as a mathematicalproof.

If a function is defined as being a number-theoretic function, then it is defined as having variableswith a clearly defined domain, a domain of natural numbers or functions that are themselvesnumber-theoretic functions. If a function that has the designation codeSubFormula is a primitive

4

recursive number-theoretic function, then it cannot be the same function that happens to have thesame designation, but whose variables have been substituted by terms that are not natural numbersor number-theoretic functions. The fact is that the function codeSubFormula that O’Connor usesin his proof is a function where some of its variables have a domain that is not restricted to thedomain of natural numbers or number-theoretic terms, and therefore it must be the case that thatfunction is not a primitive recursive number-theoretic function. Logically, his proof cannot containa function that is called codeSubFormulawhich is a primitive recursive number-theoretic function,and at the same time, the variables of that function are substitutable by non-number-theoretic terms.

O’Connor continues:

‘In any case, if any serious researcher claimed that a software proof assistant is flawed,they would illustrate the flaw in the software system itself, not attack specific theoremsproved using such software.’

This author has demonstrated that there is a flaw in the proof, and hence there must be a flaw inthe verification of the proof. The system software consists of thousands of lines of computer code,and the proof itself consists of thousands of lines of computer code. The complete definitionof any term can be dependent on many other lines of code. For example, the code for thefunction codeSubFormula depends on the following sub-sections of code: primRec, cPair,Arith, folProp, code, extEqualNat, Bvector, codeSubTerm, codeFreeVar, Max and many ofthese depend on other sub-sections. For example, primRec is dependent on: Arith, Peano_dec,Compare_dec, Coq.Lists.List, Eqdep_dec, extEqualNat, Bvector, misc, Even, Max. It israther bizarre to suggest that it is incumbent upon this author to trawl through that material tolocate the precise lines of codes where the error originates, rather than the creators of the systemsoftware or the proof.

References[1] R. O’Connor, “Essential Incompleteness of Arithmetic Verified by Coq.”

http://arxiv.org/abs/cs/0505034, 2005.

[2] R. O’Connor, “Incompleteness & Completeness.”http://webdoc.ubn.ru.nl/mono/o/oconnor_r/incoanco.pdf, 2009.

[3] Coq, “The Coq Proof Assistant.” http://coq.inria.fr/refman/index.html.

[4] K. Gödel, “Über formal unentsceidebares ätze der Principia Mathematica und verwandterSysteme I,” Monatshefte für Mathematik und Physik, vol. 38, pp. 173–198, 1931.

5

Bibliography - Errors in other incompleteness proofs[a] J. R. Meyer. “An Error in a Computer Verified Proof of Incompleteness by John

Harrison.” http://www.jamesrmeyer.com/pdfs/ff_harrison.pdf, 2011

[b] J. R.Meyer. “AnError in a Computer Verified Proof of Incompleteness by Natarajan Shankar.”http://www.jamesrmeyer.com/pdfs/ff_shankar.pdf, 2011

[c] J. R. Meyer. “A Fundamental Flaw in an Incompleteness Proof in the book ‘An Introductionto Gödel’s Theorems’ by Peter Smith.”http://www.jamesrmeyer.com/pdfs/ff_smith.pdf, 2011

[d] J. R. Meyer. “A Fundamental Flaw In Incompleteness Proofs by Gregory Chaitin.”http://www.jamesrmeyer.com/pdfs/ff_chaitin.pdf, 2011

[e] J. R. Meyer. “A Fundamental Flaw In Incompleteness Proofs by S. C. Kleene.”http://www.jamesrmeyer.com/pdfs/ff_kleene.pdf, 2011

6

ADDENDUMto

“An Error in a Computer Verified Proof of Incompleteness by Russell O’Connor”

03 June 2016

This addendum was created because it had become apparent that some readers had erroneousimpressions regardingO’Connor’s proof, leading them to the erroneous conclusion that the entiretyof O’Connor’s proof is a complete self-contained formal proof of incompleteness based only onfundamental mathematical axioms. This is not actually the case, as will be demonstrated below.

In addition, this addendum also addresses O’Connor’s contention that: ‘. . . if any serious re-searcher claimed that a software proof assistant is flawed, they would illustrate the flaw in thesoftware system itself, not attack specific theorems proved using such software.’

Addendum: 1 Variable Domains and SubstitutionsIn many incompleteness proofs, there is an assumption that one can always substitute a variablethat has a domain of natural numbers by a non-number-theoretic function provided its range ofvalues are natural numbers. As will be considered below, if it is the case that all variables of thenew expression should also have the domain of natural numbers, this is logically inadmissible. Thequestion that is addressed here is whether such substitution can give rise to errors, and it will beshown that errors can arise when it is assumed that the new expression produced by the substitutionretains the number-theoretic property of the original expression.

Consider this expression that is defined to be purely number-theoretic:n+2 > 0

Now, given a functionGN(s), whose range is natural numbers, andwhere s is a variable whosedomain is a given set of symbol strings that include strings that are not numbers,a supposethat we now substitute the n by GN(s) to give the expression:

GN(s)+2 > 0

Such a substitution is a commonmathematical operation, but this is merely a convenient short-cut to a more formal expression:

For all s as symbol strings, there exists a natural number n, such that n = GN(s), andn+2 > 0.

The crucial point here is that this is an expression where its overall language is not confinedto objects that are only natural numbers, that is, it is not a purely number-theoretic expression,but within this overall expression, n+2 > 0 remains as a purely number-theoretic expression.It follows that the convenient short-cut that is:

GN(s)+2 > 0

is an expression whose overall language is not confined to objects that are only naturalnumbers, and it is not a number-theoretic expression. It is an expression where the variable n,

a. The Gödel numbering function is an example of such a function

Addendum 1

whose domain is natural numbers, has been substituted by an expression that is not a naturalnumber. Clearly if n+ 2 > 0 has a property that is dependent on the fact that it is a purelynumber-theoretic expression, then there is no reason to assume that that property also appliesto GN(s)+2 > 0.

As noted, such a substitution is an extremely commonmathematical operation. In cases that involveonly numbers and variables for natural numbers, the function that is being substituted is a functionwhich itself is a number-theoretic function whose objects are natural numbers, and whose variableshave the domain of natural numbers. As an example, if we use the same purely number-theoreticexpression as was used above:

n+2 > 0

and given a purely number-theoretic function f (x), where x is a variable whose domain isnatural numbers, and we now substitute the n by f (x) to give the expression:

f (x)+2 > 0

Again this is a convenient short-cut to a more formal expression:

For all x, there exists n, such that n = f (x), and n+2 > 0.

But here, in contrast to the previous case, the overall language of the expression remains asa purely number-theoretic language. In this case, we do not need to separately specify thedomains of n and s since every variable in the language is already specified as having thedomain of natural numbers.

Addendum: 2 RepresentabilityO’Connor’s proof, in common with many other incompleteness proofs, relies on the notion of“representability” of certain number-theoretic expressions that are not expressions of the formallanguage NNb - that is, that for certain number-theoretic expressions of the computer codec thereare expressions of the formal system NN that “represent” the relations between numbers that aregiven by those expressions of the computer code. More formally, the notion of “representability”is generally given in terms such as the following:

An n-ary number-theoretic relation R(x1,x2, ...,xn) is said to be representable in a formalnumber-theoretic system T if there is an expression with n free variables in the system T ,which we designate by ϕ(m1,m2, ...,mn), and where:∀x1,x2, ...,xn, ∃m1,m2, ...,mn,

m1 = FT(x1), m2 = FT(x2), ..., mn = FT(xn) ∧

R(x1,x2, ...,xn)⇒ T ⊢ ϕ(m1,m2, ...,mn) ∧ ¬R(x1,x2, ...,xn)⇒ T ⊢ ¬ϕ(m1,m2, ...,mn)

where FT is a function that gives the numbers x1,x2, ...,xn in the format of the formal systemT .Similarly, an n-ary number-theoretic function f (x1,x2, ...,xn) is said to be representablein a formal number-theoretic system T if there is an n+1-ary number-theoretic relationR(x1,x2, ...,xn+1) where:

∀x1,x2, ...,xn+1, R(x1,x2, ...,xn+1) ≡ xn+1 = f (x1,x2, ...,xn)

and the above condition on R(x1,x2, ...,xn+1) also applies.

b. NN is the formal system for which O’Connor’s proof claims incompleteness.c. i.e. expressions that are not expressions of the formal language NN.

Addendum 2

Note that in the above, the only variables involved are variables whose domain is natural numbers.The notion of “representability” will be further considered in sections Addendum: 2.1 and Adden-dum: 3 below. It will be noted here that the methodology of O’Connor’s proof is the same as thatused in several other incompleteness proofs, for example Smith[1], Smullyan[2],[3], Boolos[4],Franzén[5], Lindström[6], Mostowski[7], Harrison[8]. In such proofs, the principle is that, givenan expression that is a number-theoretic expression that states a relation between numbers and/orvariables whose domain is natural numbers, then (subject to certain additional conditions) there isan expression in the formal system that “represents” the same relation.

Addendum: 2.1 Number-theoretic expressions

One of the conditions that is the basis for the notion that if a relation is “representable”, and sothere is an expression in the formal system NN that states that relation, is that the relation that is“representable” and the formal system in which the “representation” is to occur are both number-theoretic. A purely number-theoretic system is a systemwhere the only objects are natural numbers,and all variables have a domain that consists of the objects of the system, (i.e., natural numbers inthe format of the system). Given an expression of the system:

1. natural numbers may be substituted for a variable in an expression of the system.

And depending on the rules of the particular system, it is also the case that:

2. a valid expression of the system can also be produced by replacing a variable x in an existingexpression of the system by a different variable y of the system, providing certain conditionsare observed (such as the new variable name not conflicting with variables already in theexpression). This is basically a variable name change.

3. a valid expression of the system can also be produced by replacing a variable x in an existingexpression A of the system by another existing number-theoretic expression B of the systemthat is a functional expressiond providing certain conditions are observed (such as there maynot be variables in the expression B that conflict with variables already in the expression A).

Addendum: 2.2 Types in O’Connor’s computer code

O’Connor’s proof uses types, one of the types being “nat”, and which is similar but not identicalto the notion of natural number. In O’Connor’s code, variables that are defined as type “nat” canbe substituted by natural numbers, which are also assigned the type “nat”. But, crucially, suchvariables can also be substituted by functions that have the range of natural numbers, irrespectiveof whatever objects are referenced by the function, and irrespective of the domains of the variablesof the function.

It follows that the type “nat” does not correspond precisely to the definition of natural numbers asthey occur within the formal system NN. In the formal system NN, a variable cannot be substitutedby a function which references objects that are not natural numbers; it cannot be substituted by afunction whose variables do not have the domain of natural numbers. Any such substitution wouldresult in an expression that is not an expression of the formal system NN.

d. An expression that has free variables that have the domain of natural numbers, and when those variables aresubstituted by specific natural numbers, the resultant expression evaluates as a specific natural number.

Addendum 3

Addendum: 3 Assumptions in O’Connor’s proofO’Connor does not actually provide a proof of “representability” from fundamental mathematicalprinciples; instead he gives definitions of “representability” which include assumptions about whatexpressions are “representable”, and then he proves that certain terms of his computer code satisfythose definitions. Hence the result of his proof depends on the assumptions that are included inthose definitions.

When O’Connor claims that his proof is a fully computer checked proof, one expects that it shouldnot include any non-axiomatic assumptions. One could, of course, simply reject O’Connor’s“computer proof” as not being a completely proved proof, since it is not a complete proof fromfundamental mathematical principles alone; the assumptions that are implicit in O’Connor’sdefinition of “representability” are not commonly accepted axiomatic assumptions. Nevertheless,one might accept the result of O’Connor’s proof - but only if one is completely satisfied that suchassumptions are as acceptable as a standard fundamental mathematical axiom. However, as willbe shown below, a logical analysis of O’Connor’s proof demonstrates that his implicit assumptionsare neither logical, reasonable, nor acceptable in a rigorous mathematical proof.

For a definition of “representability” to be logically reasonable and acceptable, one would expectthat any expression of a relation/function for which there is a claim that there must also be anexpression in the formal system NN that states that relation/function, then it should also conformto the three rules above.e Otherwise if, for example, we construct an expression L by replacing avariable x in an existing number-theoretic expression K by an expression which includes a variablewhose domain is not natural numbers, then that expression L does not conform to Condition 3above, and thus there can be no logical reason to suppose that the derived expression L is“representable” in the formal system. In other words, we would have no reason to accept anassumption that such a derived expression as L is “representable” in the formal system, and wewould reject the notion that such an assumption would be a valid assumption in a mathematicalproof.

The suggestion might be made that this author has not proved that there cannot be expressions thatdo not conform to the three conditions above, but which there might nevertheless be such that theysatisfy the definition of “representability” and that there might also be an equivalent expression inthe formal system NN. This is correct, but the onus, as in all proofs, is on the creator of a proof thatrelies on his definition of “representable” to actually prove with complete rigor that there is alsoan equivalent expression in the formal system NN. A reliance on definitions that include implicitassumptions can only be acceptable if the assumptions can be shown to be logically reasonable.

Addendum: 3.1 O’Connor’s implicit assumptions in “representability”

There is a substantial problem in attempting to consider from O’Connor’s computer code defini-tions of “representability” whether the assumption that if an expression satisfies the computer codedefinitions of “representability” then there necessarily exists an equivalent expression in the formalsystem NN is a logically reasonable and acceptable assumption. This is because in the computercode “representability”:

e. Depending on the actual formal system, there may be other conditions that must also be observed; the above isthe minimum requirement that applies to all number-theoretic formal systems.

Addendum 4

1. is defined in terms of several code expressions that are themselves recursively defined inseveral levels of computer code

and

2. one needs to know precisely how the definitions interact with the Coq computer code system;that is, one would need to have an in-depth knowledge of the Coq system.

Two of the primary definitions involved in O’Connor’s definition of “representability” are:

Definition Representable (n : nat) (f : naryFunc n)(A : Formula) : Prop :=(forall v : nat, In v (freeVarFormula LNN A) -> v <= n) /\RepresentableHelp n f A.

andDefinition RepresentsInSelf (T:System) :=

exists rep : Formula, exists v : nat,(forall x : nat, In x (freeVarFormula LNN rep) -> x = v) /\(forall f : Formula,

mem Formula T f ->SysPrf T (substituteFormula LNN rep v (natToTerm (codeFormula f)))) /\

(forall f : Formula,mem Formula T f ->SysPrf T

(notH (substituteFormula LNN rep v (natToTerm (codeFormula f))))).

and examples of other terms that are involved in the definition of “representability” include:RepresentableHelp, RepresentablesHelp, RepresentableAlternate,RepresentableHalf1, RepresentableHalf2, ExpressibleHelp, RepresentablesHelp,Representable_ext.

So, on the face of it, it is exceedingly difficult for most persons other than those who have in-depthknowledge of the Cog computer system to reach an informed positive decision that the assumptionis acceptable. However, by approaching the problem from a different perspective, we can reacha well-informed decision that the assumption is certainly not acceptable. If we can observe thatO’Connor’s usage of “representability” does not actually reflect any acceptable logical principlesregarding what computer code expressions can be precisely “represented” in the formal systemNN, then there is no logical reason why one should consider that the assumption is acceptable.

In particular, there is no logical reason why one should accept O’Connor’s lemma:Lemma codeSubFormulaCorrect:

forall (f : Formula) (v : nat) (s : Term),codeSubFormula(codeFormula f) v (codeTerm s) =codeFormula(substituteFormula L f v s).

O’Connor has proved that the formula codeSubFormula(u,v,w) satisfies his definition of “rep-resentability”. He claims that this proves that it is primitive recursive; therefore it must be purelynumber-theoretic. Now, if the expression codeSubFormula(u,v,w) is actually “representable”,then there is a formula of the formal system that satisfies that definition. If that is the case, thenthe inverse of such “representability” must likewise apply to that formula of the formal system.From that it follows that any computer code expression for which the inverse of “representability”applies must state only the relation that is stated by the formal system, and not invoke any additional

Addendum 5

properties over and above those that are inherent in the formula of the formal system. In particular,in any such computer code expression, the variables of that expression must conform to the threeconditions noted above.

But O’Connor claims that because the function codeSubFormula(u,v,w) satisfies his definitionof “representability”, then there must be an expression in the formal NN that “represents” thefunction:

codeSubFormula(codeFormula f) v (codeTerm s).And, furthermore, he claims that because the composite function:

codeSubFormula(codeFormula f) v (codeTerm s)is extensionally equivalent to the composite function:

codeFormula(substituteFormula L f v s)that there must be an expression in the formal NN that “represents” the composite function

codeFormula(substituteFormula L f v s).

This is, of course, nonsensical, since in order to “represent” such a function, the formal system NNwould have to have a variable that has the same domain as f (domain of f is formula of a formalsystem), a variable that has the same domain as s (domain of s is terms of the formal system), anda variable that has the same domain as L (domain of L is formal systems), which is impossible.

The implicit assumption in O’Connor’s computer code definitions of “representability”, and thesubsequent usage of those definitions do not reflect any logical principles regarding what canactually be stated in the formal system NN. In O’Connor’s proof the computer code allows avariable of type “nat” (such as u,v and w in codeSubFormula) to be substituted by an expressionsuch as codeFormula f. This expression codeFormula f is itself not actually a natural number,that is, it is not an entity that satisfies the Peano axioms, since there is no successor for theexpression codeFormula f; nor is it a variable whose domain is natural numbers, nor is it itself anumber-theoretic expression. Hence it does not satisfy the three conditions above, and it followsthat there is no logical reason to suppose that there is an expression in the formal system NN thatstates the function codeSubFormula(codeFormula f) v (codeTerm s).

Of course, O’Connor’s substitution as in his lemma Lemma codeSubFormulaCorrect is simplya short-cut to a more formal expression, as referred to in section Addendum: 1 above:

For all f as a formula in NN, for all v as a natural number, for all s as a term in NN,there exist u, w as natural numbers, such that

u = codeFormula f, w = codeTerm s, andcodeSubFormula(u,v,w) = codeFormula(substituteFormula L f v s)

As noted in section Addendum: 1 this is an expression where its overall language is not confinedto objects that are only natural numbers, but within this overall expression, if it is the case thatthe function codeSubFormula(u,v,w) is a primitive recursive number-theoretic function (asO’Connor claims it is), then codeSubFormula(u,v,w) remains within the overall expression as apurely number-theoretic function.

Furthermore, even when a valid expression f is substituted for the variable f in the expressioncodeFormula f, this still does not mean that the resultant expression is “representable” in theformal system NN. Simply because it happens to be the case that when a valid expression suchas abc is substituted for the variable f, the expression codeFormula abc then evaluates inthe computer code as a natural number, that provides no logical reason to suppose that the

f . A formula of the formal system NN is a valid value of the domain of the variable f.

Addendum 6

substituted expression codeFormula abc is itself actually “representable” in the formal systemNN. The expression codeFormula necessarily requires bound variables whose domain is notnatural numbers, but whose domain is the set of all symbols of the formal system. That is, theactual evaluation of the function for a specific value of its free variable is evaluated in a systemthat is necessarily not a number-theoretic system, so there is no logical reason to suppose that theexpression itself is “representable” in the formal system NN - and neither is there any reason tosuppose that there can be an evaluation of the expression in the formal system NN.

Of course, if an author wishes to simply assume that expressions such as the above that do notconform to the three conditions are “representable” in NN, then he can base a “proof” around thatassumption, but to claim that the result is a valid proof of incompleteness is an absurdity, and fliesin the face of all notions of a rigorous mathematical proof.

Addendum: 4 A remark on computer checked proofsO’Connor’s response to this author’s original paper included the contention that there was an onuson this author to illustrate the flaw in the software system itself. It is clear that the error in theproof lies with O’Connor’s unacceptable assumptions.

The matter discussed here of an assumption that is obfuscated in the computer code raises animportant point in general regarding computer proofs. O’Connor proclaims his proof as a computerchecked proof, and it can be said that it has gained considerable acceptance as such,gwhere thegeneral impression seems to be that the entire proof is a complete self-contained formal proof thathas been checked by computer. However, it contains assumptions that are not computer checked,and which are not fundamental mathematical axioms.

In this case, the computer checks that the proof proves something, which it does. However,it is quite clear that what it actually proves and what O’Connor claims that it proves are twoquite different propositions. Because of the implicit assumption in O’Connor’s definitions of“representability”, O’Connor’s “representability” does not precisely capture the conditions thatmust be observed for there is to be a reasonable claim that a non-formal system expression is“representable” in the formal system.

This makes a mockery of the entire raison d’être of computer checked proofs, which is that theyshould eliminate all errors that arise from informal reasoning. If the author of a computer proofcan simply slip in an assumption into a definition, therein lies a back-door by which erroneousinformal reasoning can be introduced. Such back-doors should be totally eliminated if one is to beable to have any confidence in any claim of a computer proof.

Until such back-doors are eliminated, any assumptions such as O’Connor has included shouldsurely be clearly and explicitly stated and included in any reference to the proof being computerchecked. If O’Connor’s proof has been commonly accepted as a fully formal proof that has beencomputer checked, one is given to wonder how many such hidden assumptions are included inother claims of computer checked proofs.

g. O’Connor’s paper describing his proof has been accepted and published by Springer, and has been cited in severaljournal articles.

Addendum 7

Addendum References[1] P. Smith, An Introduction to Gödel’s Theorems. Cambridge University Press, 2006.

ISBN: 9780521857840.

[2] R. M. Smullyan, Gödel’s Incompleteness Theorems. Oxford University Press, 1992.ISBN: 0195046722.

[3] R. M. Smullyan, Recursion Theory for Metamathematics. Oxford University Press, 1993.ISBN: 9780195082326.

[4] G. Boolos, J. Burges, and R. Jeffrey, Computability and Logic. Cambridge University Press,fifth ed., 2007. ISBN: 9780521877527.

[5] T. Franzén, Gödel’s Theorem: An Incomplete Guide to its Use and Abuse. A K Peters, 2005.ISBN: 1568812388.

[6] P. Lindstrom, Lecture Notes: Aspects of Incompleteness. Springer-Verlag, 1997.ISBN: 3540632131.

[7] A. Mostowski, Sentences Undecidable in Formalized Arithmetic. Greenwood Press, 1982.ISBN: 9780313231513.

[8] J. Harrison, Handbook of Practical Logic and Automated Reasoning. Cambridge UniversityPress, 2009. ISBN: 9780521899574 (eBook format: ISBN: 9780511508653).

Addendum 8